Source-Changes archive
Re: CVS commit: basesrc
Luke Mewburn <lukem%goanna.cs.rmit.edu.au@localhost> writes:
> Jaromir Dolecek writes:
> > Luke Mewburn wrote:
> > > check dst and src aren't null pointers before trying to use them
> > > enable strlcat/strlcpy
> >
> > Please DO NOT check the dst and src whether they are null. Feeding
> > NULL pointer to it is a programming error and I strongly prefer
> > sigsegving immediately than running into some other problem later.
> > Lack of NULL check in libc routines helped me many times to uncover
> > the real problem.
>
> I beg to differ. Checking arguments before use is good practice. I've
> seen enough cases of obscure behaviour that wasn't just a simple
> `core dump' to know that helping the programmer by checking arguments
> is worth it.

i'm in agreement with j.d. here. The only check that's valid here is:

	assert(whatever != NULL);

and that's accomplished in practice with no run-time expense with our
default process memory layout.

> I've already found & fixed bugs in sendmail, groff, and tcsh.

I don't see how that justifies run-time cost for when you'll detect
the errors anyway via a core in this particular case...

i mean, if you want to add something like that, fine, but i for one
think that it should be off, completely compiled out, by default...

cgd
--
Chris Demetriou - cgd%netbsd.org@localhost -
http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.
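
Added example, not part of the original message and not NetBSD's libc code: a strlcpy-style copy whose argument checks are compiled out by default, the arrangement the message above asks for. The names `ARG_CHECK`, `ARG_DIAGNOSTIC`, `ex_strlcpy` and `ex_checks_enabled` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical macro (not a libc name). Built with -DARG_DIAGNOSTIC it
 * reports the failed check and aborts at the call that passed the bad
 * pointer; built without it, it expands to nothing, so the release
 * binary carries no run-time cost for the check. */
#ifdef ARG_DIAGNOSTIC
#define ARG_CHECK(e) \
    ((e) ? (void)0 : (fprintf(stderr, "%s:%d: argument check failed: %s\n", \
                              __FILE__, __LINE__, #e), abort()))
#else
#define ARG_CHECK(e) ((void)0)
#endif

/* Illustrative strlcpy-style copy: writes at most size-1 bytes, always
 * NUL-terminates when size > 0, and returns strlen(src) so the caller
 * can detect truncation (return value >= size). */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t n = 0;

    /* With the checks compiled out, a NULL argument is not handled
     * here; the dereference below is left to fault on its own. */
    ARG_CHECK(dst != NULL);
    ARG_CHECK(src != NULL);

    while (src[n] != '\0') {
        if (n + 1 < size)       /* keep one byte for the terminator */
            dst[n] = src[n];
        n++;
    }
    if (size > 0)
        dst[n < size ? n : size - 1] = '\0';
    return n;
}

/* Returns 1 when the argument checks are compiled in, 0 otherwise. */
int ex_checks_enabled(void)
{
#ifdef ARG_DIAGNOSTIC
    return 1;
#else
    return 0;
#endif
}
```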